package com.csair.seam.infrastructure.web.interceptor;

import java.util.Objects;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;

import com.csair.seam.infrastructure.sso.CustomSsoActor;
import com.csair.seam.infrastructure.web.BaseInterceptor;

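/**
 * Interceptor that only lets requests through when the account stored in the
 * HTTP session is one of the configured administrators.
 *
 * <p>The administrator accounts come from the {@code dictionary.admin-list}
 * property. Membership is decided by exact, case-sensitive comparison against
 * each entry of that list. A substring test is not sufficient for an
 * authorization decision: with a list such as {@code "zhangsan,lisi"} it would
 * also accept the accounts {@code "zhang"}, {@code "san,li"} or the empty
 * string.
 */
@Component
public class AdminAuthInterceptor extends BaseInterceptor implements HandlerInterceptor {

    /**
     * Characters treated as separators between entries of the admin list.
     * NOTE(review): the property format is not visible from this class; comma,
     * semicolon, pipe and whitespace are accepted here. Confirm against the
     * deployed configuration before release, because an unrecognised
     * separator makes every account fail the check (fail closed).
     */
    private static final String ADMIN_LIST_SEPARATORS = ",;| \t\r\n";

    @Value("${dictionary.admin-list}")
    private String adminList;

    /**
     * Rejects the request unless the session account is a configured admin.
     *
     * <p>A missing, non-string or blank account attribute is treated as "not
     * an admin" and answered with the same JSON denial, instead of surfacing
     * as a {@link NullPointerException} or {@link ClassCastException}.
     *
     * @param request  current request; its session is read for the account
     * @param response response that receives the JSON denial body
     * @param handler  chosen handler (unused)
     * @return {@code true} to continue the handler chain, {@code false} when
     *         the denial has been written
     * @throws Exception if writing the denial fails
     */
    @Override
    public boolean preHandle(HttpServletRequest request,
                             HttpServletResponse response,
                             Object handler) throws Exception {
        Object sessionAccount = request.getSession().getAttribute(CustomSsoActor.SESSION_KEY_ACCOUNT);
        boolean isAdmin = sessionAccount instanceof String && isListedAdmin((String) sessionAccount);
        if (!isAdmin) {
            // Denial body is written through the inherited returnJson helper.
            returnJson(response, "{\"code\":3,\"msg\":\"当前用户无权限进行此操作!\"}");
        }
        return isAdmin;
    }

    /**
     * Tells whether {@code account} equals one entry of the configured list.
     *
     * @param account account name taken from the session
     * @return {@code true} only on an exact match with a list entry
     */
    private boolean isListedAdmin(String account) {
        // A blank account must never match: it is a substring of any list.
        if (StringUtils.isBlank(account)) {
            return false;
        }
        // StringUtils.split returns null for a null list and drops empty tokens.
        String[] entries = StringUtils.split(adminList, ADMIN_LIST_SEPARATORS);
        if (entries == null) {
            return false;
        }
        for (String entry : entries) {
            if (account.equals(entry)) {
                return true;
            }
        }
        return false;
    }

}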
